The following issues were fixed in the 4.4.2 upstream version of WordPress: - An open redirection attack: https://core.trac.wordpress.org/changeset/36444 - A possible SSRF for certain local URIs: https://core.trac.wordpress.org/changeset/36435 CVEs assigned in: http://seclists.org/oss-sec/2016/q1/283 External References: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
Created wordpress tracking bugs for this issue: Affects: fedora-all [bug 1305472] Affects: epel-all [bug 1305473]